We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
现在有一个基于Spring Security 的管理系统(UPMS),需要权限认证。 与 tkey 联合后,用户在初次登录时,在 tkey 处做认证(/authorize)、获取用户信息(/userinfo)、重定向页面,之后登入系统。 请问在 tkey 处获取用户信息时,实际是应该用 rest方式调用 UPMS 处的 api 获取该用户的角色、权限信息,之后封到OauthUserProfile的UserAttribute里面吗? 现在做用户名/密码部分的认证时也是调用 UPMS 那边的API 验证用户身份的. 刚学spring security,还是有点不太理解这个流程, ~~求助.
OauthUserProfile
UserAttribute
public class OauthUserProfile implements Serializable { private static final long serialVersionUID = 8098354063458373513L; // root 对象中必须要有一个主键,Spring Security 的 FixedPrincipalExtractor.java 限定了这几个:"user", "username","userid", "user_id", "login", "id", "name" // 也因为这个场景,所以这里冗余了其他几个属性 // 客户端需要用到哪个属性作为主键就用哪个,没必要全部搬过去 private String username; private String name; // private String id; // private String userId; private OauthUserAttribute userAttribute; private String grantType; private String clientId; private Long iat; private Long exp; }
The text was updated successfully, but these errors were encountered:
No branches or pull requests
ghost
changed the title
现在有一个基于Spring Security 的管理系统(UPMS),需要权限认证。
与 tkey 联合后,用户在初次登录时,在 tkey 处做认证(/authorize)、获取用户信息(/userinfo)、重定向页面,之后登入系统。
请问在 tkey 处获取用户信息时,实际是应该用 rest方式调用 UPMS 处的 api 获取该用户的角色、权限信息,之后封到
OauthUserProfile的UserAttribute里面吗?现在做用户名/密码部分的认证时也是调用 UPMS 那边的API 验证用户身份的.
刚学spring security,还是有点不太理解这个流程, ~~求助.
The text was updated successfully, but these errors were encountered: